# INTELLIGENCE BRIEFING: 185.220.101.27
Classification: Tor Exit Node Infrastructure
Risk Assessment: Moderate Risk (59/100)
Date of Analysis: 2026-06-24
---
## EXECUTIVE SUMMARY
IP address 185.220.101.27 is identified as a Tor exit node operating from Berlin, Germany under ASN 60729 (ARTIKEL10-MNT). The IP exhibits moderate risk characteristics with Tor exit node indicators confirmed through multiple threat feeds. The subnet demonstrates elevated abuse density (40.14%) with 57 out of 142 sibling IPs flagged as threats.
---
## NETWORK PROFILE
Ownership & Infrastructure:
- ASN: 60729 (ARTIKEL10-MNT)
- RIR: RIPE (Germany)
- Network Block: 185.220.101.0/24
- Hostname: berlin01.tor-exit.artikel10.org
- PTR Record: berlin01.tor-exit.artikel10.org
Classification Flags:
- Tor Exit Node: YES
- Open Ports: None detected
- Services: Firewall protected / No services exposed
- CDN/Cloud/Proxy: No indicators
---
## THREAT INDICATORS
Primary Indicators:
- Tor exit node indicators observed in multiple threat feeds
- DNSBL listings: 2 of 8 total blacklists (including high-severity listings)
- Reputation Sources: Tor network association
Abuse Metrics:
- Risk Score: 59/100 (Moderate)
- Abuse Confidence Score: Not applicable (Tor infrastructure)
- Threat Persistence: 0 days (non-malicious persistence indicator)
- Known Campaigns: None correlated
---
## TEMPORAL ANALYSIS
Observation History: 48 historical observations recorded
- Recent signal classifications: "Minimal" risk
- DNSBL listings observed: 2 total
- Ownership changes: 0
- Threat observation count: 1
- Risk trajectory: Stable with no escalation indicators
---
## SUBNET CONTEXT
185.220.101.0/24 Neighborhood Analysis:
- Total Siblings: 142
- Active Siblings: 28
- Threat Siblings: 57
- Abuse Density: 40.14%
- Classification: Mixed (1 high, 97 medium, 2 low risk)
Implications: The subnet operates mixed-use infrastructure with significant Tor node concentration. Contextual analysis indicates this IP is part of a larger anonymization network infrastructure.
---
## RELATIONSHIP GRAPH
Associated Entities (165 relationships):
- Network: ARTIKEL10 (primary)
- DNS: berlin01.tor-exit.artikel10.org (confirmed)
- Multiple Tor exit node associations
---
## RECOMMENDED ACTIONS
Immediate:
1. Enhanced Logging: Increase logging verbosity for all traffic from this IP range
2. Access Control: Consider enhanced verification procedures for anonymous traffic
3. Blocking Decision: Evaluate blocking based on organizational policy regarding Tor traffic
Firewall Rules Provided:
- `iptables -A INPUT -s 185.220.101.27 -j DROP`
- `nft add rule inet filter input ip saddr 185.220.101.27 drop`
- nginx: `deny 185.220.101.27;`
Monitoring:
- Monitor for behavioral changes in anonymous traffic patterns
- Track DNSBL listing status changes
- Review correlation with other ARTIKEL10 infrastructure
---
Analysis Notes: This IP represents legitimate Tor exit node infrastructure rather than active malicious activity. Risk rating reflects Tor network abuse potential rather than confirmed attacks. SOC teams should balance blocking considerations against legitimate use case requirements.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
## Ownership & Registration
| Organization | ARTIKEL10-MNT |
| ASN | AS60729 |
| Network Name | - |
| CIDR Block | - |
| RIR | RIPE |
| Country | - |
| Abuse Contact | Available via RDAP |
## DNS Intelligence
| PTR | berlin01.tor-exit.artikel10.org |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | berlin01.tor-exit.artikel10.org |
## DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | Present |
| DMARC | Not configured |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Present |
## Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |
## Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | | | |

| Server | - |
| HTTP Title | - |
## TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
## Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 30% | 2 | 3 |
| routing | 13% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 27% | 2 | 3 |
| Overall | 21% | 9 | 14 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
## Observation Timeline (Live)
| First Seen | 2026-05-22 13:35:43 UTC |
| Last Seen | 2026-06-26 21:06:49 UTC |
| Profile Built | 2026-06-27 17:12:01 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 50 |